Managing SharePoint On-Premises vs. Online: Compare & Contrast

CHRISTIAN BUCKLEY

MANAGING DIRECTOR @GT_CONSULT

Christian BuckleyManaging Director & Office 365 MVP

GTconsult

www.buckleyplanet.com

@buckleyplanet

cbuck@gtconsult.com

Managing SharePoint On-Premises vs. Online

What I’ll cover today:

• The evolution of SharePoint management

• What’s different about SharePoint Online

• Considerations for your transition to the cloud

• Best practices for managing a hybrid solution

The evolution of SharePoint management

SharePoint Growth & Evolution

SharePoint ReleasesMetadata

Content

Infrastructure maintained solely for customer

On premises or off

Managed by the customer, or by a 3rd party hoster

Private Cloud Hybrid Cloud

Multiple infrastructure options

Components both on premises and off premises

Management spread between customer and 3rd party hosters

Infrastructure shared by multiple customers

Off premises

Managed by 3rd party on behalf of customers

Public Cloud

More infrastructure options

http://social.technet.microsoft.com/wiki/contents/articles/4633.what-is-infrastructure-as-a-service.aspx

Build

Buy

In HouseOut Source

Partner Hosted Private Cloud

• Dedicated environment

• Externally hosted

• Externally or internally managed

• Internally designed

Self Hosted Private Cloud

• Dedicated environment

• Internally hosted

• Internally managed

• Internally designed

Shared or Dedicated Public

Cloud• Shared or dedicated

environment

• Externally hosted

• Externally managed

• Externally designed

Public Dedicated Cloud

• Partially or fully dedicated

• Externally hosted

• Externally or internally managed

• Minimal customization

Traditional on premises

Ye Olde Build vs. Buy argument

http://social.technet.microsoft.com/wiki/contents/articles/4633.what-is-infrastructure-as-a-service.aspx

Infrastructure

Platform

Software

Service Delivery

Financial Management

DemandManagement

Business Relationship Management

Service Catalog

Management

Service Lifecycle

Management

Service Level Management

Continuity & Availability

Management

CapacityManagement

Information Security

Management

Op

era

tion

s

Man

ag

em

en

t

Understanding service delivery roles

What are the 5 most common SharePoint management concerns?

1. Defining (and communicating) policies and procedures

Always start with non-technical elements

Develop a security policy

Implement a training plan for end users

Develop a strategy for ensuring users know what content is confidential

34% of IT administrators said that they'd "sneaked a peek" at documents they weren't authorized to view, including employee details and salary information (DarkReading)

2. Failure to implement any kind of permissions best practices

Apply permissions using Least Privileged principles

Don’t give users Direct Access

Embrace SharePoint Groups and/or Active Directory Groups

Ensure Appropriate Use of the Authenticated Users Group

Clean up Orphan Users

Use Broken Inheritance Responsibly

Revoke permissions quickly

3. Failure to regularly audit access to content and sites

Are we adhering to Compliance or Governance requirements?

Who has been accessing specific content?

How often are specific sites being accessed?

What features of SharePoint are being used?

Are we managing the volume of log data?

4. Failure to monitor changes to security settings

SharePoint security requirements change over time

Ensure users are continuing to adhere to security policies

Prevent users from causing havoc

We need to plan how we will stay on top of changes

5. Failure to empower users and admins with the right permissions

Find your responsible business content owners

Enable and Equip them to manage access to their content

Ensure management access is limited to those with appropriate permissions

Segment your administration responsibilities – Power Users, business owners

How to manage within SharePoint Online

Impacts of Office 365

In some ways, it simplifies Governance

SharePoint and Exchange are primarily affected

Biggest impact of 365 has is on sizing limits

Data sprawl must be watched more carefully in Office 365 to avoid hitting capacity limits!

Feature Specifications

Storage (pooled)

10 GB per user500 MB per entprse user 5 TB per Company

Site collection storage quotas

100 GB

My Site storage allocation

500 MB

Site collections per tenant

300

Mailbox Size 25 gig

From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole

Tactical Team Responsibilities

Operations Team

• Help Enforce Governance Plan

• Manage Routine Maintenance Tasks:

• Nightly Backups

• Usage Monitoring & Analysis

• Scheduled Task Validation

• Security Release & System Upgrades

Support Team

• Create Support System with SLA’s

• Respond to questions, bugs and other issue resolution

• Provide typical SharePoint Admin roles such as:

• Site Provisioning

• Security Permissions for users and groups

Development Team

• New features and program management while adhering to standards.

• Develop customized & personalized solutions for departments & division sites.

Whose job will be changing the most?

From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole

Tactical Team Responsibilities

Operations Team

• Help Enforce Governance Plan

• Manage Routine Maintenance Tasks:

• Nightly Backups

• Usage Monitoring & Analysis

• Scheduled Task Validation

• Security Release & System Upgrades

• Oracle & DBA Role will be eliminated

• Active Directory Role could change (Ping Identity, FBA, etc.)

• No Equipment to Support

Support Team

• Create Support System with SLA’s

• Respond to questions, bugs and other issue resolution

• Provide typical SharePoint Admin roles such as:

• Site Provisioning

• Security Permissions for users and groups

Development Team

• New features and program management while adhering to standards.

• Develop customized & personalized solutions for departments & division sites.

From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole

Management Shell

SharePoint Online Management Shell is a Windows PowerShell module that you can use to efficiently manage SharePoint Online users, sites, site collections, and organizations

You can find a list of available cmdlets here (TechNet)

Simple mode Admin experience

When you’re in Simple mode in the SharePoint Online admin center, the left-hand navigation shows only site collections, user profiles, and settings.

Advanced mode

Streamlined Admin tasks

Easier to add users, auto assign available licenses, reset passwords, and manually set passwords (instead of auto generated)

Control top navigation

Microsoft System Center 2012 R2

Microsoft System Center is an integrated management platform that helps you manage data center, client devices, and hybrid cloud IT environments. Office 365 admins who use System Center now have the option to import the Office 365 Management Pack, which enables you to view all service communications within Operations Manager in System Center.

Using this tool gives you access to the status of your subscribed services, active and resolved service incidents, and your Message Center communications.

System Center supports alerts that are generated when a specific condition, such as a service incident in a subscribed service, occurs. You can configure these alerts so they trigger email notifications, keeping you in the loop on the status of your environment.

<Sidebar>Partner Perspective

Sidebar: Partner Perspective

Microsoft provides management tools and a dashboard, referred to as the Partner Admin Center, specifically for partners that maintain Office 365 environments for their customers.

This tool supersedes an Office 365 admin center that didn't consolidate all of a partner's customers and was more focused on selling new or additional services.

The new partner admin center has five main functions: To provide a Microsoft service-outage notification service to keep

partners a step ahead of customers.

To provide a view into a customer's Office 365 service health status and details.

To provide a federated view of all of the partner’s customers for which it has delegated admin privileges.

To enable a partner to create, edit and view service requests on behalf of customers.

To allow a partner to perform administrative tasks on behalf of customers.

Sidebar: Partner Perspective

A client management tab shows all of a partner's customers along with any alerts next to each customer's name about their service health. Drilling into the service health tab for each customer shows a granular list of the services a customer uses.

Each service has a green checkmark for the day if all is well, or one of a number of symbols if all isn't well. Trouble signals include service interruption, service degradation, restoring service, extended recovery, investigating, service restored or additional information.

</sidebar>

Office 365 Service Communications API

The Office 365 Service Communications API enables you to access Office 365 service communications the way you want. This API gives you the ability to create or connect your tools to Office 365 service communications, potentially simplifying how you monitor your environment.

The Service Communications API enables you to monitor the following in your environment:

Real-time service health. New and ongoing service incidents and ongoing maintenance events that impact you can be queried for status updates.

Message Center communications. Find Message Center communications that are applicable to your Office 365 environment.

Planned maintenance notification. Advanced notification of planned maintenance enables you to develop appropriate communications and operational strategies for your organization.

The Service Communications API also supports admins who manage Office 365 environments on behalf of others, for example, partners.

O365 Message Center

Remember to check the Message Center regularly to stay in the loop and up to date with what is going on in your Office 365 environment.

Notifications on any potential issues with your environment, changes to your service, and other communications from Microsoft will come through the Message Center.

Proactively check DNS records

To help ensure that you have the correct configuration, Microsoft provides a solution that enables Office 365 to proactively check your DNS records.

If your DNS records do not match your environment, you will receive a notification through the Office 365 admin center, including proposed actions to resolve potential DNS records issues.

Boundaries and Limitations

Find the boundaries and limitations based on your Office 365 plan: Storage per user (contributes to total storage base of tenant)

Additional storage (per GB per month); no minimum purchase

Storage base per tenant

Site collection storage limit

Site collections (#) per tenant

Sub-sites

Personal site storage

Public Website storage default

File upload limit

File attachment size limit

Sync limits

Maximum number of users per tenant

Number of external user invitees

Security, compliance, and privacy

With Office 365, Microsoft thinks about security, compliance, and privacy as having two equally important dimensions: 

Service-level capabilities that include technical features, operational procedures, and policies that are enabled by default for customers using the service.

Customer controls that include features that enable businesses to customize the Office 365 environment based on the specific needs of their organization. 

See the Office 365 Trust Center information portal for more information

Searching for Sensitive Data

Data Loss Prevention (DLP) for SharePoint Online and OneDrive for Business is now built into your existing Enterprise Search. It allows you to search for sensitive content in your existing eDiscovery Center.

Search on 51 built-in sensitive information types across both SharePoint Online and OneDrive for Business.

Export the results or download a copy of the query results, or save the query so that you can conduct in-depth research on the query results. Once saved, you can inspect the documents, check for false positives, and further hone or expand the query if needed. Document location is included, as well as the original file structure from SharePoint, so that all paths are preserved in the downloaded copy.

Use DLP in SharePoint Online to identify sensitive data stored on sites (TechNet)

Creating information management policies

Create a policy to use on multiple content types within a site collection.

Create a policy for a site content type.

Create a policy for a list or library. (location-based retention policy)

Audit log events

Opened and downloaded documents, viewed items in lists, or viewed item properties (This event is not available for SharePoint Online sites)

Edited items

Checked out and checked in items

Items that have been moved and copied to other location in the site collection

Deleted and restored items

Changes to content types and columns

Search queries

Changes to user accounts and permissions

Changed audit settings and deleted audit log events

Workflow events

Custom events

Available audit reports

Content modifications. Reports changes to content, such as modifying, deleting, and checking documents in and out.

Content type and list modifications. Reports additions, edits, and deletions to content types.

Content viewing. Reports users who have viewed content on a site. In SharePoint Online, this report will be blank as these events are not captured during auditing.

Deletion. Reports what content has been deleted.

Run a custom report. You can specify the filters for a custom report, such as limiting the report to a specific set of events, to items in a particular list, to a particular date range, or to events performed by particular users.

Expiration and Disposition. Reports all events related to how content is removed when it expires.

Policy modifications. Reports on events that change the information management policies on the site collection.

Auditing settings. Reports changes to the auditing settings.

Security settings. Reports changes to security settings, such as user/group events, and role and rights events.

Managing your App catalog

The app catalog is how you make apps available to your organization.

It’s a SharePoint library that contains all of the apps you have for your org.

The Office clients point to this library, so if you want to give your users access to a new app for Office, just add the manifest file to the library, and the app will automatically show up.

Also true for SharePoint apps. Just add the app package to library and it will appear for everyone.

Since the app catalog is a SharePoint library you can easily manage who gets access to what app, and quickly make updates when needed.

External collaboration settings

Office 365 provides a single console from which you can manage external collaboration.

By enabling these settings, you can give your users the ability to share access to their SharePoint sites and documents and Exchange calendars, so they can collaborate more easily with people in external organizations.

By enabling the Lync collaboration setting, you can give your users the ability to communicate with people outside of your organization.

Platform Telemetry

What documents are used by the most people?

What documents host apps?

What are the most popular apps?

Are they running properly and not, for example, consuming too much CPU time?

Are solutions loading from the local disk? SharePoint? As mail attachments?

How long do add-ins slow down the loading of Office apps?

How can I manage solutions centrally?

Deploy Telemetry Dashboard (TechNet)

What about OneDrive?

Sync & share documents

Collaborate on document security with individuals inside and outside the company

Access content and information anywhere and from almost any device

Control content life cycle and versioning

Manage access permissions

Access with native mobile client apps for windows 8 and IOS.

3rd party company (concept searching)to manage – could solve compliance and governance issues with OneDrive

From Office365: Is Governance Affected and Where Do We Start? By Stacy L. Deere-Strole

Transition toward the cloud

Keeping up to date with the Office 365 Roadmap

Adjusting to Office 365 Updates

No access to Correlation errors or backend.

No ability to troubleshoot. If you receive an error, the logs don’t provide much help because it can take Microsoft days or weeks to come back with a correlation ID, if they do at all.

The continual updates to the site can also cause strange errors. For example, for a couple of weeks you couldn’t save a template of a site. This was caused by some code changes the developers had made on the server which obviously needed to be rolled back or fixed, but requires the entire O365 environment to be hot-fixed.

Adjusting to Office 365 Updates

You may have to use different management tools.

Moving to Office 365 means giving up some level of control. For example, you won't have any control over the patch management process, software upgrades, and other similar administrative tasks.

Management considerations for hybrid

Factors in your cloud planning

Location / facilities Software licenses and support Hardware and maintenance Onsite support, personnel skills Level of customization Governance, auditing, security, compliance Disaster Recovery and Business Continuity Upgrades and migration

#T16CloudESPC

Location / facilities

Need space and maintenance planning

Most likely provided

Software licenses and

support

Licensing costs, but also upgrades and ongoing support

Included in vendor-hosted solutions

Hardware and maintenance

Need to purchase, support and maintain, and upgrade as platform matures

Included in vendor-hosted solutions

Onsite support, personnel skills

Administrative, developer, and end user skills and training

Still requires administrative and possibly dev skills, end user training

On Premises Cloud Hybrid

Need space and maintenance planning

Licensing costs, but also upgrades and ongoing support

Need to purchase, support and maintain, and upgrade as platform matures

Administrative, developer, and end user skills and training

Level of customization Full control

Limited to none in SaaS, some control over PaaS, full control over IaaS

Limited ability to integrate depending on SaaS, PaaS, or IaaS

Governance, auditing, security,

compliance

Many limitations OTB, but very robust tools from partners

Limited

Very complex across on prem and cloud components, very manual

Disaster Recovery and

Business Continuity

Needs to be planned, limited features OTB

Defined in SLAs

Upgrades and migration

Some OTB capabilities, 3rd party for tighter control and predictability

Microsoft recommends 3rd party tools

On Premises Cloud Hybrid

Very complex across on prem and cloud components, very manual

Some OTB capabilities, 3rd party for tighter control and predictability

Identify requirements

Map requirements to SharePoint functionality

Make the difficult decisions

Ongoing operations management

Business Need Service

Best Practices

Focus on the user experience

Make governance a priority

Look at your systems holistically (a business view), regardless of where the servers sit

Clarify and document your permissions, information architecture, templates, content types, taxonomy -- and ownership of each

First define what policies, procedures, and metrics are needed to manage your environment, and then look at what is possible across your various tools and platforms

Thank you!

www.buckleyplanet.com

@buckleyplanet

cbuck@gtconsult.com

www.gtconsult.com